This AI Tool Rips Off Open Source Software Without Violating Copyright

The emergence of Malus.sh underscores how generative AI is reshaping the traditional clean‑room methodology that once required months of manual engineering. By splitting the workflow between a specification‑writing model and a separate code‑generation model, the service reproduces the legal fiction of independent creation while automating the process at a fraction of the cost. This capability lowers the barrier for companies to obtain proprietary‑grade versions of community‑maintained libraries, effectively decoupling functional value from the licensing terms that originally ensured openness.

Legal scholars point to the 1982 IBM BIOS case as the cornerstone for clean‑room defenses, where courts accepted that separate teams could produce non‑infringing clones. However, the AI‑driven variant compresses what used to be a labor‑intensive exercise into a button‑press, challenging the notion that substantial human effort is a prerequisite for originality. If courts extend the IBM rationale to AI‑generated outputs, a wave of license‑free derivatives could flood the market, forcing a reevaluation of how copyright law addresses machine‑learned creations.

Beyond legality, the practice raises profound ethical concerns for the open‑source community. Rewritten code lacks the ongoing stewardship—security patches, bug fixes, and community governance—that defines sustainable open‑source projects. Deploying such orphaned binaries can introduce hidden technical debt and undermine trust in the software supply chain. As AI lowers the cost of bypassing copyleft obligations, stakeholders must grapple with whether preserving collaborative norms or embracing a new, fragmented licensing landscape better serves innovation and security.